On 07.04.20 at 19:44, [email protected] wrote:
> From: Maxim Plotnikov <[email protected]>
>
> Lack of this led people accepting multiple CAs to use capath,
> which already supports multiple CRLs. But capath mode itself
> is somewhat ugly: you have to create new file/symlink every time
> CRL is updated, and there's no good way to clean them up without
> restarting OpenVPN, since any gap in the sequence would cause it
> to lose sync[1].
>
>
> - crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
> - if (crl == NULL)
> + int num_crls_loaded = 0;
> + while (true)
> {
> - msg(M_WARN, "CRL: cannot read CRL from file %s", crl_file);
> - goto end;
> - }
> + X509_CRL *crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
> + if (crl == NULL)
> + {
> + /*
> + * PEM_R_NO_START_LINE can be considered equivalent to EOF.
> + */
Minor whitespace problem.
> + bool eof = ERR_GET_REASON(ERR_peek_error()) ==
> PEM_R_NO_START_LINE;
> + /* but warn if no CRLs have been loaded */
> + if (num_crls_loaded > 0 && eof) {
> + /* remove that error from error stack */
> + (void)ERR_get_error();
> + break;
> + }
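Review bot: The EOF test `ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE` inspects the oldest entry in the OpenSSL error queue, not the one PEM_read_bio_X509_CRL just pushed, so an unrelated error left on the queue before this loop would be compared instead, and the following `(void)ERR_get_error()` would pop that older entry. Suggest testing ERR_peek_last_error(), also checking ERR_GET_LIB() against ERR_LIB_PEM because reason codes are only unique per library, and clearing the queue before the loop starts. The comment "but warn if no CRLs have been loaded" sits directly above the branch that breaks without warning; it would read better next to the code that actually emits the warning.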
Minor style problem. { should be on the next line.
Acked-By: Arne Schwabe <[email protected]>
I leave it to Gert/David if they want a rev3 or fix the minor
style/whitespace problems on commit.
Arne
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
